CVE-2022-48857: Vulnerability in Linux Linux
Description

In the Linux kernel, the following vulnerability has been resolved:

NFC: port100: fix use-after-free in port100_send_complete

Syzbot reported UAF in port100_send_complete(). The root cause is in missing usb_kill_urb() calls on error handling path of ->probe function.

port100_send_complete() accesses devm allocated memory which will be freed on probe failure. We should kill these urbs before returning an error from probe function to prevent reported use-after-free.

Fail log:

BUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935
Read of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26
...
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935
 __usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670
...

Allocated by task 1255:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 ____kasan_kmalloc mm/kasan/common.c:515 [inline]
 ____kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524
 alloc_dr drivers/base/devres.c:116 [inline]
 devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823
 devm_kzalloc include/linux/device.h:209 [inline]
 port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502

Freed by task 1255:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:366 [inline]
 ____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328
 kasan_slab_free include/linux/kasan.h:236 [inline]
 __cache_free mm/slab.c:3437 [inline]
 kfree+0xf8/0x2b0 mm/slab.c:3794
 release_nodes+0x112/0x1a0 drivers/base/devres.c:501
 devres_release_all+0x114/0x190 drivers/base/devres.c:530
 really_probe+0x626/0xcc0 drivers/base/dd.c:670
AI Analysis
Technical Summary
CVE-2022-48857 is a use-after-free (UAF) vulnerability in the port100 driver of the Linux kernel's NFC subsystem, which handles Near Field Communication devices connected via USB. It stems from improper error handling in the driver's probe function: USB Request Blocks (URBs) are not killed on the error paths. port100_send_complete() accesses memory allocated via devm_kmalloc(), which is freed if the probe function fails. Because the usb_kill_urb() calls are missing on the error handling path, a URB can still complete after that point, and its completion handler then accesses the freed memory.

The issue was reported by Syzbot, a kernel fuzzing infrastructure, and confirmed by Kernel Address Sanitizer (KASAN) logs showing an invalid memory read during port100_send_complete() execution. The fix adds the missing usb_kill_urb() calls to the error handling path of the probe function, so that the URBs are canceled before the error is returned and the allocated resources are cleaned up safely.

Exploitation of this flaw could lead to kernel memory corruption, potentially causing system crashes (denial of service) or enabling escalation of privileges if exploited by a local attacker. The vulnerability requires interaction with the NFC device and the presence of the port100 driver. There is no CVSS score assigned yet, and no known exploits in the wild have been reported. The vulnerability is specific to Linux kernel versions containing the vulnerable port100 driver code prior to the fix.
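The ordering problem described above, as an added userspace model in C (not the kernel's code and not part of the original page). All struct and function names are hypothetical stand-ins; liveness is tracked with a flag so nothing freed is dereferenced, and the patched path models usb_kill_urb() as running the completion handler before the driver data is released.

```c
/* Added userspace model. Names are hypothetical stand-ins, not kernel APIs.
 * Liveness is a flag; no freed memory is dereferenced. */
#include <stdbool.h>
#include <stdio.h>
struct dev_state { bool live; };              /* models the devm-allocated driver data */
struct urb_model { bool in_flight; struct dev_state *ctx; };

static int live_completions;   /* handler ran while driver data was valid */
static int stale_completions;  /* handler ran after release: the KASAN report */

static void send_complete(struct urb_model *u)   /* models port100_send_complete() */
{
    if (u->ctx->live)
        live_completions++;
    else
        stale_completions++;   /* the real handler reads freed memory here */
}

static void submit_urb(struct urb_model *u) { u->in_flight = true; }
/* Runs the handler for a pending URB. The host controller does this on its
 * own schedule; usb_kill_urb() forces it and waits before returning. */
static void giveback(struct urb_model *u)
{
    if (u->in_flight) {
        u->in_flight = false;
        send_complete(u);
    }
}

/* Probe that submits an URB and then fails; returns the stale completions. */
static int probe_fails(bool kill_before_return)
{
    struct dev_state dev = { .live = true };
    struct urb_model out = { .in_flight = false, .ctx = &dev };
    live_completions = stale_completions = 0;
    submit_urb(&out);
    if (kill_before_return)
        giveback(&out);        /* fixed error path: usb_kill_urb() equivalent */
    dev.live = false;          /* driver core releases devm memory on failure */
    giveback(&out);            /* late completion from the host controller */
    return stale_completions;
}

int main(void)
{
    printf("unpatched: %d stale\n", probe_fails(false));
    printf("patched:   %d stale\n", probe_fails(true));
    return 0;
}
```

In the unpatched ordering the handler runs once against released state, which corresponds to the read KASAN flags in port100_send_complete(); with the kill in place it runs once while the data is still valid and never afterwards.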
Potential Impact
For European organizations, the impact of CVE-2022-48857 depends largely on the deployment of Linux systems utilizing the port100 NFC driver. Organizations using Linux servers, desktops, or embedded devices with NFC hardware supported by port100 are at risk. Potential impacts include system instability or crashes due to kernel memory corruption, which can disrupt critical services and operations. More severe exploitation could allow local attackers to escalate privileges, compromising system confidentiality and integrity. This is particularly concerning for sectors relying on NFC for secure access control, payment systems, or identity verification, such as finance, transportation, and government agencies. Given the Linux kernel's widespread use in European infrastructure, including cloud services, telecommunications, and industrial control systems, unpatched systems could face increased risk of targeted attacks or accidental disruptions. However, exploitation requires local access or interaction with the NFC device, limiting remote attack vectors. The absence of known exploits reduces immediate threat but does not eliminate risk, especially as attackers may develop exploits post-disclosure. Organizations with strict security requirements and those using NFC-enabled Linux devices should prioritize patching to prevent potential privilege escalation or denial of service.
Mitigation Recommendations
1. Apply official Linux kernel updates that include the patch fixing CVE-2022-48857 as soon as they become available. Monitor vendor advisories for updated kernel packages.
2. For systems where immediate patching is not possible, consider disabling the port100 NFC driver if NFC functionality is not required, reducing the attack surface.
3. Implement strict access controls to limit local user access on Linux systems, minimizing the risk of local exploitation.
4. Monitor system logs for unusual kernel errors or crashes related to NFC or USB subsystems, which may indicate exploitation attempts.
5. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Kernel Page Table Isolation (KPTI) to reduce exploitation success.
6. For embedded or specialized devices using NFC, coordinate with hardware vendors to ensure firmware and driver updates are applied.
7. Conduct security audits focusing on NFC device usage and Linux kernel versions in use to identify vulnerable systems.
8. Educate system administrators about the risks associated with NFC drivers and the importance of timely patching.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-16T11:38:08.919Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982fc4522896dcbe63d8
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 6/30/2025, 10:54:46 PM
Last updated: 8/14/2025, 10:30:08 AM